Skip to content

Latest commit

 

History

History
271 lines (209 loc) · 20.9 KB

2021-03-05.md

File metadata and controls

271 lines (209 loc) · 20.9 KB

This Week in Enhancements - 2021-03-05

Enhancements for Release Priorities

Prioritized Active Enhancements

<PR ID>: (activity this week / total activity) summary

There were 3 Prioritized Active pull requests:

  • 628: (18/122) general: automated resource request scaling (dhellmann)

    This enhancement describes an approach to allow us to scale the resource requests for the control plane services to reduce consumption for constrained environments. This will be especially useful for single-node production deployments, where the user wants to reserve most of the CPU resources for their own workloads and needs to configure OpenShift to run on a fixed number of CPUs within the host.

    One example of this use case is seen in telecommunication service providers implementation of a Radio Access Network (RAN). This use case is discussed in more detail below.

  • 593: (9/130) general: Add proposal for hiding container mountpoints from systemd (lack)

    The current implementation of Kubelet and CRI-O both use the top-level namespace for all container and Kubelet mountpoints. However, moving these container-specific mountpoints into a private namespace reduced systemd overhead with no difference in functionality.

  • 636: (2/53) kube-apiserver: API Removal Notifications (sanchezl)

    Notify customers that an API that will be removed in the next release is in use.

Other Enhancements

Other Merged Enhancements

<PR ID>: (activity this week / total activity) summary

There were 5 Other Merged pull requests:

  • 581: (9/122) network: Add network flows export support proposal (rcarrillocruz)

    Collecting all traffic from a cluster at a packet level would be an enormous amount of data. An alternative approach for analysis of network traffic is to capture only metadata about the traffic in a cluster. This metadata would include information like the protocols, source and destination addresses, port numbers, and the amount of traffic. Collecting this metadata becomes a more manageable approach to getting visibility into network activity across the cluster.

    There are existing protocols for how this metadata is transmitted between systems, including NetFlow, IPFIX, and sFlow. Open vSwitch (OVS) supports these protocols and OVS is a fundamental building block of the OVN-Kubernetes network type.

    This proposal discusses how we start providing this functionality by allowing cluster administrators to enable the export of network flow metadata using one of these protocols.

  • 651: (7/9) cluster-logging: Implement forwarder-label-selector in 2 phases. (alanconway)

    Add an input selector to the ClusterLogForwarder (CLF) to collect application logs only from pods identified by labels.

    Kubernetes has two ways to identify pods: namespaces and labels. The CLF already has an input selector for namespaces, this enhancement will add a selector for labels.

  • 667: (5/6) cluster-logging: Rename API field structured as parse to avoid confusion. (alanconway)

    This enhancement will allow structured JSON log entries to be forwarded as JSON objects in JSON output records.

Other Updates

  • 649: (2/19) general: conventions: update the resources and limits section (dhellmann)

    Expand the "Resources and Limits" section of the conventions document with more detail about why we have the conventions we do, where the formula for CPU resource requests came from, and links to the history of work on resource requests.

  • 672: (3/3) network: Fix schema and capitalization of netFlow/sFlow/ipfix (rcarrillocruz)

Other New Enhancements

<PR ID>: (activity this week / total activity) summary

There were 6 Other New pull requests:

  • 671: (41/41) monitoring: enhancements/monitoring: Describe single replica topology mode (lilic)

    The monitoring stack needs to react based on the infrastructureTopology field newly added to infrastructures.config.openshift.io CRD. Plan is to detect whenever cluster is in single replica topology mode and reduce the monitoring stack footprint by adjusting platform monitoring instances to be non Highly Available.

  • 673: (5/5) machine-api: short-circuiting-backoff (mshitrit)

    By using MachineHealthChecks a cluster admin can configure automatic remediation of unhealthy machines and nodes. The machine healthcheck controller's remediation strategy is deleting the machine, and letting the cloud provider create a new one. This isn't the best remediation strategy in all environments.

    Any Machine that enters the Failed state is remediated immediately, without waiting, by the MHC When this occurs, if the error which caused the failure is persistent (spot price too low, configuration error), replacement Machines will also be Failed As replacement machines start and fail, MHC causes a hot loop of Machine being deleted and recreated Hot loop makes it difficult for users to find out why their Machines are failing.

    With this enhancement we propose a better mechanism. In case a machine enters the Failed state and does not have a NodeRef or a ProviderID it'll be remediated after a certain time period has passed - thus allowing a manual intervention in order to break to hot loop.

  • 674: (78/78) authentication: Service CA Certificate Generation for StatefulSet Pods, first version (mtrmac)

    The Service CA can be used to automatically generate certificates for StatefulSets, to allow TLS-protected communication between StatefulSet pods.

    The user adds a service.beta.openshift.io/serving-cert-secret-name: $secretName annotation, and a $secretName secret is generated, which can be mounted in the StatefulSet’s pods.

    Creating/scaling up a StatefulSet triggers both creating the StatefulSet pods and a secret creation/update, which race against each other. So, the pods must fail, or wait, if a certificate for their identity is not found.

  • 675: (2/2) operator-sdk: enhancements: Fix various links in the downstream operator-sdk proposal (timflannagan)

    The Operator SDK currently ships the Ansible and Helm Operator base images downstream. The purpose of this enhancement is to add a supported Operator SDK base image as well as an operator-sdk binary. In addition, to add more automation to syncing upstream with downstream.

  • 676: (1/1) kube-apiserver: api compatibility (sanchezl)

    The Summary section is incredibly important for producing high quality user-focused documentation such as release notes or a development roadmap. It should be possible to collect this information before implementation begins in order to avoid requiring implementors to split their attention between writing release notes and implementing the feature itself.

    A good summary is probably at least a paragraph in length.

  • 677: (5/5) kata-containers: kata containers enhancement proposal (fidencio)

    Kata Containers is an open source project developing a container runtime using virtual machines and providing the same look and feel as vanilla containers. By leveraging hardware virtualization technologies, Kata Containers provides powerful workload isolation compared to existing container solutions.

    We will be integrating Kata Containers into OpenShift to provide the ability to run kernel isolated containers for any workload which requires:

    • custom kernel tuning (sysctl, scheduler changes, cache tuning, etc);
    • custom kernel modules (out of tree, special arguments, etc);
    • exclusive access to hardware;
    • root privileges;
    • any other administrative privileges above and beyond what is secure in a shared kernel environment (regular runc).

    It should be noted that Kata Containers differ from Kubevirt:

    • Kubevirt aims to run VM images on OpenShift providing the VM with the look and feel of a virtual machine running as a legacy VM (CRD defining a Virtual Machine in Kubernetes)
    • Kata Containers aim to run container images on OpenShift in an isolated manner using virtualization tools (uses Runtime Class resource to choose Kata only for specific workloads which require kernel level isolation)

Other Active Enhancements

<PR ID>: (activity this week / total activity) summary

There were 15 Other Active pull requests:

  • 637: (35/226) monitoring: Add: Alerting Standards (michaelgugino)
  • 656: (27/50) console: CONSOLE-2355: Update Quick Start proposal with i18n (rebeccaalpert)
  • 574: (24/449) installer: First iteration of running the Assisted Installer in end-user clusters. (mhrivnak)
  • 549: (13/85) storage: Add proposal for CSI migration (bertinatto)
  • 571: (8/224) network: Cloud API component for egress IP (alexanderConstantinescu)
  • 666: (8/11) kube-apiserver: adding new userequest audit policy (EmilyM1)
  • 647: (6/45) windows-containers: WINC-544: Enhancement proposal for monitoring Windows Nodes (VaishnaviHire)
  • 292: (4/199) machine-api: Add Managing Control Plane machines proposal (enxebre)
  • 650: (4/39) scheduling: Add ClusterOperator Scheduling (michaelgugino)
  • 654: (4/6) dns: ARO private DNS zone resource removal (jim-minter)
  • 567: (4/104) machine-api: Added proposal for remediation history (slintes)
  • 357: (4/201) accelerators: Supporting out-of-tree drivers on OpenShift (zvonkok)
  • 664: (3/13) ingress: Add proxy-protocol enhancement (Miciah)
  • 463: (2/572) machine-api: Describing steps to support out-of-tree providers (Danil-Grigorev)
  • 617: (2/123) network: [SDN-1364] Add Network Policy audit logging Enhancement (astoycos)

Other Closed Enhancements

<PR ID>: (activity this week / total activity) summary

There were 2 Other Closed pull requests:

  • 489: (2/5) kube-apiserver: p2pnc: update (sanchezl)
  • 524: (4/408) network: New method for providing configurable self-hosted LB/DNS/VIP for on-prem (yboaron)

Old (labeled as stale, but discussion in last 7 days) Enhancements

<PR ID>: (activity this week / total activity) summary

There were 5 Old (labeled as stale, but discussion in last 7 days) pull requests:

  • 265: (1/138) general: Signal cluster deletion (abutcher)
  • 443: (1/95) machine-config: Support a provisioning token for the Machine Config Server (cgwalters)
  • 462: (1/35) ingress: Add client-tls enhancement (Miciah)
  • 525: (1/6) machine-config: Add FCCT support in MC proposal (LorbusChris)
  • 551: (2/32) machine-api: Propose to backport the "external remediation template" feature (slintes)

Other lifecycle/stale Enhancements

<PR ID>: (activity this week / total activity) summary

There were 6 Other lifecycle/stale pull requests:

  • 296: (0/180) network: Add ovs-hardware-offload enhancement (zshi-redhat)
  • 415: (0/10) etcd: add backup config controller (hexfusion)
  • 417: (0/115) installer: Add enhancement: IPI kubevirt provider (ravidbro)
  • 480: (0/85) etcd: enhancements/etcd: support assisted install (hexfusion)
  • 527: (0/73) installer: enhancement/installer: check OpenStack versions (EmilienM)
  • 531: (0/14) update: enhancements/update/channel-metadata: Distribute channel description strings (wking)

Idle (no comments for at least 7 days) Enhancements

<PR ID>: (activity this week / total activity) summary

There were 56 Idle (no comments for at least 7 days) pull requests:

  • 124: (0/75) update: enhancements/update/automatic-updates: Propose a new enhancement (wking)
  • 137: (0/286) general: CLI in-cluster management (sallyom)
  • 146: (0/213) installer: openstack: Add Baremetal Compute Nodes RFE (pierreprinetti)
  • 174: (0/58) builds: first draft of configmap/secret injection via volumes enhancement (bparees)
  • 177: (0/38) olm: Library for OLM operator-inspect functionality (shawn-hurley)
  • 201: (0/80) general: bootimages: Downloading and updating bootimages via release image (cgwalters)
  • 255: (0/108) monitoring: add restart metrics enhancement (rphillips)
  • 302: (0/27) kube-apiserver: [thought-experiment] single-node cluster static pod creation (deads2k)
  • 341: (0/80) maintenance: Machine-maintenance operator proposal (dofinn)
  • 343: (0/43) authentication: cluster-wide oauth-proxy settings (deads2k)
  • 346: (0/83) installer: Installer pre-flight validations (mandre)
  • 361: (0/109) baremetal: Minimise Baremetal footprint, live-iso bootstrap (hardys)
  • 363: (0/201) cvo: Enhancement for adding upgrade preflight checks for operators (LalatenduMohanty)
  • 366: (0/76) kata-containers: kata containers enhancement proposal (ariel-adam)
  • 371: (0/15) ingress: Add forwarded-header-policy enhancement (Miciah)
  • 400: (0/18) general: OpenStack AZ Support (iamemilio)
  • 403: (0/16) authentication: webhook authentication: kubeconfig auth specification, 0-ttl cache (stlaz)
  • 406: (0/16) kube-apiserver: Add preliminary data section to network check enhancement. (sanchezl)
  • 411: (0/62) installer: run the Assisted Installer on-premise as opposed to utilizing a cloud service (mhrivnak)
  • 426: (0/124) general: enhancements/update/targeted-update-edge-blocking: Propose a new enhancement (wking)
  • 427: (0/54) update: enhancements/update/phased-rollouts: Propose a new enhancement (wking)
  • 447: (0/30) insights: Insights-gateway (iNecas)
  • 465: (0/43) insights: Insights operator up to date gathering (martinkunc)
  • 468: (0/48) machine-api: Add dedicated instances proposal (alexander-demichev)
  • 477: (0/41) update: enhancements/update/manifest-install-levels: Propose a new enhancement (wking)
  • 483: (0/21) machine-api: Add proposal for API to automatically spread MachineSets across AZs. (dgoodwin)
  • 486: (0/71) local-storage: Adds proposal for auto partitioning in LSO (rohan47)
  • 492: (0/45) rhcos: add rhcos-inject enhancement (crawford)
  • 497: (0/11) cloud-integration: Initial draft of Cloud Credentials Rotation. (dgoodwin)
  • 520: (0/13) network: Static IP Addresses from DHCP (cybertron)
  • 522: (0/13) olm: Update OLM managed operator metrics enhancement (awgreene)
  • 538: (0/14) machine-api: update machine-api-usage-telemetry (elmiko)
  • 547: (0/36) baremetal: Propose BMC-less remediation enhancement (AKA poison pill) (n1r1)
  • 554: (0/7) general: conventions: Clarify when workload disruption is allowed (smarterclayton)
  • 562: (0/149) security: Enhancing SCC to Gate Runtime Classes (haircommander)
  • 564: (0/17) cluster-logging: Allowing users to specify a delete policy based on amount of storage used within the ES cluster (ewolinetz)
  • 566: (0/44) general: Separating provider-specific code in the installer (janoszen)
  • 575: (0/74) installer: Installer Enhacement Proposal: Manifests from STDIN (oglok)
  • 590: (0/5) authentication: add 'Allowing URI Scheme in OIDC sub claims' (stlaz)
  • 603: (0/53) network: Initial proposal of allow mtu and overlay port changes (juanluisvaladas)
  • 613: (0/2) network: NetworkPolicies for System Namespaces (danwinship)
  • 618: (0/14) network: Add more details about host port ownership (danwinship)
  • 623: (0/1) storage: Confirm Azure Disk names (huffmanca)
  • 624: (0/19) update: Add: upgrade-blocker-operator (michaelgugino)
  • 626: (0/33) machine-config: enhancements/machine-config: securing MCS (crawford)
  • 635: (0/11) manifestlist: IR-57: API changes for manifest list support (ricardomaraschini)
  • 642: (0/48) kubelet: Dynamic node sizing (harche)
  • 643: (0/64) update: Add Reduced Reboots enhancement (sdodson)
  • 652: (0/1) node: Enable cgroup v2 support (harche)
  • 657: (0/15) dns: Add managementState field to the DNS operator (rfredette)
  • 660: (0/11) cluster-logging: Flow control API enhancements, first draft. (alanconway)
  • 661: (0/41) operator-framework-api: New OpenshiftCatalogueValidator in operator-framework/api (camilamacedo86)
  • 663: (0/9) dns: Add configurable-dns-pod-placement enhancement (Miciah)
  • 665: (0/8) ingress: Add power-of-two-random-choices enhancement (Miciah)
  • 668: (0/16) console: Add Customize Project Access Roles proposal (jerolimov)
  • 669: (0/1) console: Add Customize Add Page proposal (jerolimov)